<?php
/* FILE: edit_item.php
 * DESCRIPTION: Page displaying form for editing an item.
 * POST DATA: item_rating, item_image_url, attribute data
 * GET DATA: cname (collection name), id (item id), err (error code)
 */ 
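	session_start();
	include('config.inc');
	include('includes/functions.php');
	
	// Everything in $_GET is untrusted. Read each value once, with a default
	// for a missing or non-scalar parameter, and force the item id to an
	// integer: it is placed unquoted in the SQL below, where
	// mysql_real_escape_string() offers no protection.
	$itemId = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int)$_GET['id'] : 0;
	$collectionName = (isset($_GET['cname']) && is_string($_GET['cname'])) ? $_GET['cname'] : '';
	$errorCode = (isset($_GET['err']) && is_string($_GET['err'])) ? $_GET['err'] : '';
	$sessionUser = isset($_SESSION['user_name']) ? (string)$_SESSION['user_name'] : '';
	
	// Check to see if current user is owner of collection.
	// A logged-in user is required and the comparison is done on strings:
	// with a loose == an empty session value could equal whatever getUID()
	// returns for a collection it cannot resolve.
	// NOTE(review): getUID() is defined in includes/functions.php, not visible
	// here - confirm what it returns for an unknown collection name.
	if($sessionUser !== '' && (string)getUID($collectionName) === $sessionUser)
	{
		// Query to get column names of collection
		$columnNamesResult = getAttributes($collectionName);
		
		// The collection name is used as a table name and as part of a column
		// name. String escaping does not make an identifier safe, so both are
		// backtick-quoted with embedded backticks doubled.
		$tableIdent = '`' . str_replace('`', '``', $collectionName) . '`';
		$columnIdent = '`' . str_replace('`', '``', removeUID($collectionName) . '_item_id') . '`';
		
		// Query to get the item data; restricted to rows owned by the session user
		$itemDataQuery = 
			"SELECT * FROM item I, "
			. $tableIdent
			. " C WHERE I.item_id = "
			. $itemId
			. " AND I.item_id = C."
			. $columnIdent
			. " AND I.item_user_id = '"
			. mysql_real_escape_string($sessionUser)
			. "';";

		// Query for item information
		if(!$itemDataResult = mysql_query($itemDataQuery))
		{
			// Keep the SQL text and driver error in the server log; echoing
			// them to the browser discloses the schema to the requester.
			error_log("edit_item.php: item query failed: " . mysql_error());
			die("Error getting item data");
		}
		
		// Grab data on the row returned by itemDataQuery
		$dataRow = mysql_fetch_row($itemDataResult);
		if(!$dataRow)
		{
			// No such item for this user and collection: do not render an edit form
			die("Item not found");
		}
		
		// Values written into HTML are escaped for HTML, and values written
		// into a URL are URL-encoded first. mysql_real_escape_string() is an
		// SQL escaper and does not neutralise markup.
		$collectionParam = htmlspecialchars(urlencode($collectionName), ENT_QUOTES);
		
		// Output html stuff
		echo "<html><body>";
		echo "<a href=\"collection_item_list.php?colname=" 
			. $collectionParam
			. "\">Back</a><br><br>";
		// Output error
		echo "<font style=\"color:#FF0000;\">";
		if($errorCode == 'invalid')
		{
			echo "One of your item attributes is invalid. Please review them and try again.";
		}
		echo "</font>";
		// Form
		echo "<form action=\"process_edit_item.php?cname="
			. $collectionParam
			. "&amp;id="
			. $itemId
			. "\" method = \"POST\">";
		echo "<table border=\"0\" cellpadding=\"2\">";
		echo "<tr><td style=\"font-weight:bold;\" bgcolor=\"#FFFF99\" align=\"right\">Rating</td>";
		// Output rating (column 1 of the joined row)
		echo "<td><select name=\"0\">";
		selectRating((int)$dataRow[1]);
		echo "</select></td></tr>";
		// Output image url (column 2 of the joined row, stored URL-encoded)
		echo "<tr><td style=\"font-weight:bold;\" bgcolor=\"#FFFF99\" align=\"right\">Image URL</td>";
		echo "<td><input type=\"text\" name=\"1\" value=\"" 
			. htmlspecialchars(urldecode($dataRow[2]), ENT_QUOTES)
			. "\" style=\"width:200px;\"></td></tr>";
		// Output attributes according to collection.
		// Field names continue from 2; the matching value sits four columns
		// further along in the joined row.
		$i = 2;
		while ($clmName = mysql_fetch_row($columnNamesResult))
		{
			echo "<tr><td style=\"font-weight:bold;\" bgcolor=\"#FFFF99\" align=\"right\">"; 
			// NOTE(review): selectAttributeTypeString() output is printed as-is;
			// confirm it only ever returns fixed, markup-free labels.
			echo htmlspecialchars($clmName[0], ENT_QUOTES) . " (" . selectAttributeTypeString($clmName[1]) . ")";
			echo "</td>";
			$attributeValue = isset($dataRow[$i+4]) ? $dataRow[$i+4] : '';
			echo "<td><input type=\"text\" name=\"" . $i . "\" value=\"" 
			. htmlspecialchars($attributeValue, ENT_QUOTES)
			. "\" style=\"width:200px;\"></td></tr>";
			$i = $i + 1;
		}
		echo "<tr><td colspan=\"2\" align=\"center\" style=\"border-width: 0px;\">";
		echo "<input type=\"submit\" value=\"Submit Changes\">";
		echo "</td></tr></table>";
		echo "</form>";
		echo "</body>";
		echo "</html>";
	}
	else
	{
		// Not the owner (or not logged in): drop the login and send the user away.
		unset($_SESSION['user_name']);
		header('Location: index.php?err=denied');
		// Stop here so nothing can run or be emitted after the redirect header
		exit;
	}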
?>